slide 1: The Top Cyber Security Risks in Asia-Pacific In 2017
Cybercriminals will continue to innovate through ransomware
The malware business is a business like any other: cyber threat groups compete and innovate,
with the most successful growing and spreading rapidly. Given the success of ransomware in
2016, we will see a continuation of ransomware attacks – with new innovations emerging and
propagating according to whichever attracts the most payment.
2016 saw real innovation in the ransomware market, with a particularly interesting recent variant
called ‘Popcorn Time’ that allows the victim’s files to be decrypted for free if they can infect two
other people.
Commoditized versions of ransomware will, however, be a less pervasive threat for large
corporations as they gradually improve the management of this threat and their ability to
mitigate it. Rather, criminals will target high-value assets using more sophisticated and
innovative ransomware variants, and will develop additional functionality to seek out more
lucrative individual targets within organizations to enhance the chance of victims paying
ransoms. Criminals will extort victims not only by threatening to deny access to data, but also by
threatening to publish sensitive data.
Website defacements will be old school – website ransoms will be the new tactic
slide 2: One specific kind of attack we expect to grow is website ransomware, where the contents of
websites are targeted. This trend started emerging in Asia last year:
• In November, several websites were found to be compromised and their web contents
encrypted by a ransomware variant called JapanLocker. Control Risks’ research into this variant
reveals that it was developed by a hacker known as Shor7cut, a member of the Indonesian
Defacer Tersakiti group. This group is well known in the Indonesian hacking community and has
more than 22000 members.
• In October, several Pakistani government websites were compromised and their contents
encrypted by the CTB-Locker ransomware. The hackers, believed to be from the Indian group
known as Hell Shield Hackers, used this method to retaliate after Pakistani hackers breached
nearly 7000 Indian websites.
• In March, a ransomware variant known as KimcilWare was spotted targeting websites running
the Magento eCommerce platform. This variant is thought to have been developed in Indonesia.
• Also in March, Kaspersky Lab detected more than 70 servers located in ten countries
compromised by the CTB-Locker ransomware. Most of the victims were from the US. This
shows how threat actors in Asia Pacific are taking successful tools from other regions, adapting
them and applying them in their own region.
Such attack techniques will continue to emerge and evolve in 2017. We foresee further
ransomware variants of this kind being developed by threat actors in Asia Pacific and used for
cyber activist and cybercriminal activities in the region.